SYVANNE - 09/988,356 
Client/Matter: 060258-0284125 



IN THE CLAIMS:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A method of controlling a personal firewall in a client
computer, said method comprising 

providing said personal firewall with at least one set of security rules to be used when 
said client computer is connected to a home network of said client computer, and at least one 
set of security rules to be used when said client computer is connected to foreign networks, 

monitoring the determining by said personal firewall a current location of said client
computer based on an Internet Protocol (IP) address currently used by said client computer, 

selecting by said personal firewall a predetermined network element that should be 
available for verification from the current location determined based on the IP address 
currently used by said client computer, said predetermined network element being able to 
respond only if said client computer is located in the network in which it is assumed to be on 
the basis of the current IP address, 

sending by the personal firewall to the selected predetermined network element a 
request to send a response with some data proving an identity of the selected predetermined 
network element, and 

automatically selecting by the personal firewall one of said sets of security rules by 
said personal firewall according to said current location of said client computer, if the
selected predetermined network element sends a response with the required identity data to 
the personal firewall and thereby verifies the current location determined based on the IP 
address currently used by said client computer, or 

determining the current location unverified and selecting a default set of security rules 
by the personal firewall, if the personal firewall fails to receive from the selected
predetermined network element a response with the required identity data which verifies the
current location determined based on the IP address currently used by said client computer.

2. (Currently Amended) A method according to claim 1, wherein

said step of providing comprises providing said client computer with said set of
security rules in form of at least two rule bases, 

said step of selecting a set of security rules comprises enabling one of said rule bases 
at a time according to the current location of said client computer. 

3. (Currently Amended) A method according to claim 1, wherein 

said step of providing comprises providing said client computer with said set of 
security rules in form of one rule base, and 

said step of selecting a set of security rules comprises enabling and disabling rules in 
said one rule base in different combinations according to the current location of said client 
computer. 

4. (Currently Amended) A method according to claim 1, wherein said step of
monitoring determining comprises 

storing in said client computer an IP address space of said home network, 
comparing the current IP address of said client computer with said IP address space, 

and 

if the current IP address of said client computer matches said IP address space, 
determining said personal firewall to be located in said home network. 

5. (Original) A method according to any one of claims 1, 2 or 3, wherein said 
step of monitoring comprises 

storing in said client computer a list of IP addresses of said home network, 
comparing the current IP address of said client computer with said list of IP addresses, 

and 

if the current IP address of said client computer matches one of said addresses on said 
list, determining said client computer to be located in said home network. 

6. (Cancelled) 

7. (Cancelled)

8. (Currently Amended) A method according to claim 7 claim 1, wherein said
specific identity data is a Media Access Control (MAC) address of said predetermined 
network element. 
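
The decision flow recited in claims 1, 4 and 8, as an added example that is not part of the filing: the IP address only proposes a location, and the matching rule set is enabled only if the predetermined element for that location answers with the expected MAC address. The network table, rule-set names and the `probe` callable (standing in for whatever request returns the element's MAC address) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class KnownNetwork:
    name: str
    address_space: ipaddress.IPv4Network  # claim 4: stored IP address space
    verifier_ip: str                      # predetermined network element
    verifier_mac: str                     # claim 8: identity data is its MAC
    rule_set: str


# Constructed sample configuration; none of these values come from the filing.
NETWORKS = [
    KnownNetwork("home", ipaddress.ip_network("10.20.0.0/16"),
                 "10.20.0.1", "00:11:22:33:44:55", "home-rules"),
    KnownNetwork("foreign-known", ipaddress.ip_network("192.168.50.0/24"),
                 "192.168.50.1", "66:77:88:99:aa:bb", "foreign-rules"),
]
DEFAULT_RULE_SET = "default-rules"


def normalize_mac(mac: str) -> str:
    """Compare MACs case-insensitively and accept '-' or ':' separators."""
    return mac.replace("-", ":").lower()


def select_rule_set(current_ip: str,
                    probe: Callable[[str], Optional[str]]) -> Tuple[str, str]:
    """Return (location, rule_set) for the address the client currently uses.

    probe(ip) is a hypothetical hook: it asks the element at `ip` for its
    identity data and returns a MAC string, or None if nothing answered.
    """
    addr = ipaddress.ip_address(current_ip)
    # Step 1: the IP address only *suggests* a location.
    candidate = next((n for n in NETWORKS if addr in n.address_space), None)
    if candidate is None:
        # Assumption: no configured element can vouch for an unknown address.
        return ("unverified", DEFAULT_RULE_SET)
    # Step 2: ask the element that should be reachable only from that network.
    try:
        answer = probe(candidate.verifier_ip)
    except OSError:
        answer = None  # a failed request counts as "no response"
    # Step 3: the location is accepted only with the expected identity data.
    if answer is not None and \
            normalize_mac(answer) == normalize_mac(candidate.verifier_mac):
        return (candidate.name, candidate.rule_set)
    # Same address range but wrong or missing identity: fall back to default.
    return ("unverified", DEFAULT_RULE_SET)


if __name__ == "__main__":
    # Constructed probes: the real gateway, and a look-alike network that
    # reuses the home address range but has a different gateway.
    print(select_rule_set("10.20.3.7", lambda ip: "00-11-22-33-44-55"))
    print(select_rule_set("10.20.3.7", lambda ip: "de:ad:be:ef:00:01"))
    print(select_rule_set("10.20.3.7", lambda ip: None))
```

A MAC address is not cryptographic proof of identity, since any host on the segment can be configured to present it; the same flow works unchanged if `probe` returns a verified signature result instead.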

9. (Currently Amended) A method of managing a personal firewall in a client 
computer, comprising 

storing in said personal firewall at least one set of security rules to be used when said 
client computer is connected to a home network of said client computer, and at least one set 
of security rules to be used when said client computer is connected to foreign networks, 

storing updated sets of security rules, if any, in a centralized unit in said home 
network of said client computer, 

determining by said personal firewall a current location of said client computer based 
on an Internet Protocol (IP) address currently used by said client computer, 

selecting by said personal firewall a predetermined network element that should be 
available for verification from the current location determined based on the IP address 
currently used by said client computer, said predetermined network element being able to 
respond only if said client computer is located in the network in which it is assumed to be on 
the basis of the current IP address, 

sending by the personal firewall to the selected predetermined network element a 
request to send a response with some data proving an identity of the selected predetermined 
network element, and 

automatically selecting by the personal firewall one of said sets of security rules by 
said personal firewall according to said current location of said client computer, if the 
selected predetermined network element sends a response with the required identity data to 
the personal firewall and thereby verifies the current location determined based on the IP 
address currently used by said client computer, or 

determining the current location unverified and selecting a default set of security rules 
by the personal firewall, if the personal firewall fails to receive from the selected 
predetermined network element a response with the required identity which verifies the 
current location determined based on the IP address currently used by said client computer, 
and further comprising 

configuring said personal firewall to periodically query the availability of said 
updated sets of security rules from said centralized rule base server when being located in 
said home network, or when having a remote access to said home network while being
located in a foreign network, and 

loading said updated sets of security rules from said centralized rule base server to 
said personal firewall in response to said query, if such updated sets of security rules are 
available. 

10. (Original) A method according to claim 9, comprising 

monitoring the current location of said client computer based on an Internet Protocol 
(IP) address currently used by said client computer, and 

automatically activating said periodical query, when the current location of said client 
computer is in said home network. 

11. (Original) A method according to claim 9, comprising

monitoring the current location of said client computer based on an Internet Protocol 
(IP) address currently used by said client computer, 

sending log files to a centralized log server from said personal firewall, when the 
current location of said client computer is in said home network, said log files containing
information on communication transactions in said client computer, 

collecting log files locally at said personal firewall, when the current location of said 
client computer is not in said home network, and 

transferring said locally collected log files from said personal firewall to said 
centralized log server, when said client computer is connected to said home network. 

12. (Currently Amended) A computer terminal, comprising 

a personal firewall provided with at least one set of security rules to be used when 
said computer terminal is connected to a home network of said computer terminal, and at 
least one set of security rules to be used when said computer terminal is connected to foreign
networks,

said personal firewall having a mechanism monitoring determining the current 
location of said computer terminal based on an Internet Protocol (IP) address currently used 
by said computer terminal, 

said personal firewall having a mechanism selecting a predetermined network element 
that should be available for verification from the current location determined based on the IP 
address currently used by said client computer, said predetermined network element being
able to respond only if said client computer is located in the network in which it is assumed to 
be on the basis of the current IP address, 

said personal firewall having a mechanism sending to the selected predetermined 
network element a request to send a response with some data proving an identity of the 
selected predetermined network element, and 

said personal firewall having a mechanism automatically selecting one of said sets of 
security rules by said personal firewall according to said current location of said computer 
terminal, if the selected predetermined network element sends a response with the required
identity data to the personal firewall and thereby verifies the current location determined 
based on the IP address currently used by said client computer, or 

said personal firewall having a mechanism automatically determining the current 
location unverified and selecting a default set of security rules, if the personal firewall fails to 
receive from the selected predetermined network element a response with the required 
identity data which verifies the current location determined based on the IP address currently
used by said client computer.

13. (Cancelled) 

14. (Currently Amended) A computer-readable medium, containing a computer 
software which, when executed in a computer device, causes the computer device to provide 
a personal firewall routine comprising 

storing by said personal firewall at least one set of security rules to be used when said 
computer device is connected to a home network of said computer device, and at least one set 
of security rules to be used when said computer device is connected to foreign networks, 

monitoring determining by said personal firewall the current location of said 
computer device based on an Internet Protocol (IP) address currently used by said computer 
device 

selecting by said personal firewall a predetermined network element that should be 
available for verification from the current location determined based on the IP address 
currently used by said client computer, said predetermined network element being able to 
respond only if said client computer is located in the network in which it is assumed to be on 
the basis of the current IP address,

sending by the personal firewall to the selected predetermined network element a
request to send a response with some data proving an identity of the selected predetermined
network element, and

automatically selecting one of said sets of security rules by said personal firewall 
according to said current location of said computer device, if the selected predetermined
network element sends a response with the required identity data to the personal firewall and 
thereby verifies the current location determined based on the IP address currently used by 
said client computer, or 

determining the current location unverified and selecting a default set of security rules 
by the personal firewall if the personal firewall fails to receive from the selected 
predetermined network element a response with the required identity data which verifies the 
current location.

15. (Cancelled) 

16. (Currently Amended) A computer device, comprising a personal firewall 
routine configured to store security rules for a home network of said computer device, and
for foreign networks, 

determine current location of said client computer based on an Internet Protocol (IP) 
address currently used by said computer device, 

select a predetermined network element that should be available for verification from 
the current location determined based on the IP address currently used by said computer 
device, said predetermined network element being able to respond only if said computer 
device is located in the network in which it is assumed to be on the basis of the current IP 
address, 

send to the selected predetermined network element a request to send a response with 
some data proving an identity of the selected predetermined network element, and 

automatically select security rules for said personal firewall according to said current 
location of said client computer, if the selected predetermined network element sends a 
response with the required identity data to the personal firewall and thereby verifies the 
current location determined based on the IP address currently used by said computer device, 
or

determine the current location unverified and selecting a default set of security rules
by the personal firewall, if the personal firewall fails to receive from the selected 
predetermined network element a response with the required identity data which verifies the 
current location determined based on the IP address currently used by said computer device, 
and further to 

periodically query the availability of updated security rules from a centralized rule 
base server in said home network of said computer device when said computer device is 
located in said home network, and 

download said updated security rules from said centralized rule base server, if such 
updated security rules are available in said centralized rule base server. 

17. (Original) A computer device according to claim 16, said personal firewall 
routine being further configured to 

activate said periodical query also when said computer device has a remote access to 
said home network while being located in a foreign network. 

18. (Currently Amended) A computer device, comprising a personal firewall 
routine configured to 

determine current location of said client computer based on an Internet Protocol (IP) 
address currently used by said computer device, 

select a predetermined network element that should be available for verification from 
the current location determined based on the IP address currently used by said computer 
device, said predetermined network element being able to respond only if said computer 
device is located in the network in which it is assumed to be on the basis of the current IP 
address, 

send to the selected predetermined network element a request to send a response with 
some data proving an identity of the selected predetermined network element, and 

automatically select security rules for said personal firewall according to said current 
location of said client computer, if the selected predetermined network element sends a 
response with the required identity data to the personal firewall and thereby verifies the 
current location determined based on the IP address currently used by said computer device, 
or

determine the current location unverified and selecting a default set of security rules
by the personal firewall, if the personal firewall fails to receive from the selected
predetermined network element a response with the required identity data which verifies the 
current location determined based on the IP address currently used by said computer device, 
and further to 

send log files to a centralized log server, when a current location of said computer 
device is in a home network of said computer device, said log files containing information on 
communication transactions in said computer device, 

collect log files locally in said computer device, when the current location of said 
client device is not in said home network, 

transfer said locally collected log files to said centralized log server, when said 
computer device is reconnected to said home network. 

19. (Original) A computer-readable medium, containing computer software 
which, when executed in a computer device, causes the computer device to provide a 
personal firewall routine comprising 

storing security rules for a home network of said computer device, and for foreign 
networks, 

periodically querying the availability of updated security rules from a centralized rule 
base server in said home network of said computer device when said computer device is 
located in said home network, and 

downloading said updated security rules from said centralized rule base server, if such 
updated security rules are available in said centralized rule base server. 

20. (Currently Amended) A computer-readable medium, containing computer 
software which, when executed in a computer device, causes the computer device to provide 
a personal firewall routine comprising 

determining by said personal firewall a current location of said client computer based
on an Internet Protocol (IP) address currently used by said client computer,

selecting by said personal firewall a predetermined network element that should be
available for verification from the current location determined based on the IP address
currently used by said client computer, said predetermined network element being able to
respond only if said client computer is located in the network in which it is assumed to be on
the basis of the current IP address,

sending by the personal firewall to the selected predetermined network element a
request to send a response with some data proving an identity of the selected predetermined
network element, and

automatically selecting by the personal firewall one of said sets of security rules by
said personal firewall according to said current location of said client computer, if the
selected predetermined network element sends a response with the required identity data to
the personal firewall and thereby verifies the current location determined based on the IP
address currently used by said client computer, or

determining the current location unverified and selecting a default set of security rules
by the personal firewall, if the personal firewall fails to receive from the selected
predetermined network element a response with the required identity data which verifies the
current location determined based on the IP address currently used by said client computer,
and

sending log files to a centralized log server, when a current location of said computer 
device is in a home network of said computer device, said log files containing information on 
communication transactions in said computer device, 

collecting log files locally in said computer device, when the current location of said 
client device is not in said home network, 

transferring said locally collected log files to said centralized log server, when said 
computer device is reconnected to said home network. 






